working on orbi
parent
4d79e88566
commit
c97adde5f4
8 changed files with 159 additions and 175 deletions
39
flake.lock
39
flake.lock
|
@ -1039,6 +1039,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs_8": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1707929101,
|
||||||
|
"narHash": "sha256-mF639zYYhQ6+LZgIP33weVdOmLbY7GHAhK+XsIFEEqU=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "4dec2a6e52b5d910b428468680707f7f73a1219f",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-unstable-small",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nose": {
|
"nose": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -1285,6 +1301,11 @@
|
||||||
"secrets": "secrets",
|
"secrets": "secrets",
|
||||||
"smoke": "smoke",
|
"smoke": "smoke",
|
||||||
"sops-nix": "sops-nix",
|
"sops-nix": "sops-nix",
|
||||||
|
"srvos": "srvos",
|
||||||
|
"srvos_nixpkgs": [
|
||||||
|
"srvos",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
"stylix": "stylix",
|
"stylix": "stylix",
|
||||||
"taskshell": "taskshell"
|
"taskshell": "taskshell"
|
||||||
}
|
}
|
||||||
|
@ -1397,6 +1418,24 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"srvos": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": "nixpkgs_8"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1708003942,
|
||||||
|
"narHash": "sha256-M0d1ouJUVCDiorvuAXifrR03geHGAf+3ELD7kuayWfI=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "srvos",
|
||||||
|
"rev": "e19a0dc562b1df371772d90613f91c2a6b1839b3",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "srvos",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"stylix": {
|
"stylix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"base16": "base16",
|
"base16": "base16",
|
||||||
|
|
31
flake.nix
31
flake.nix
|
@ -51,6 +51,8 @@
|
||||||
url = "github:Mic92/retiolum";
|
url = "github:Mic92/retiolum";
|
||||||
#url = "git+file:///home/palo/dev/nixos/retiolum";
|
#url = "git+file:///home/palo/dev/nixos/retiolum";
|
||||||
};
|
};
|
||||||
|
srvos.url = "github:nix-community/srvos";
|
||||||
|
srvos_nixpkgs.follows = "srvos/nixpkgs";
|
||||||
landingpage = {
|
landingpage = {
|
||||||
#url = "git+file:///home/palo/dev/landingpage";
|
#url = "git+file:///home/palo/dev/landingpage";
|
||||||
url = "github:mrVanDalo/landingpage";
|
url = "github:mrVanDalo/landingpage";
|
||||||
|
@ -110,6 +112,8 @@
|
||||||
, private_assets
|
, private_assets
|
||||||
, retiolum
|
, retiolum
|
||||||
, secrets
|
, secrets
|
||||||
|
, srvos
|
||||||
|
, srvos_nixpkgs
|
||||||
, smoke
|
, smoke
|
||||||
, sops-nix
|
, sops-nix
|
||||||
, stylix
|
, stylix
|
||||||
|
@ -122,9 +126,9 @@
|
||||||
inherit (nixpkgs) lib;
|
inherit (nixpkgs) lib;
|
||||||
|
|
||||||
|
|
||||||
meta = rec {
|
meta = {nixpackages ? nixpkgs}: rec {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
pkgs = import nixpkgs {
|
pkgs = import nixpackages {
|
||||||
inherit system;
|
inherit system;
|
||||||
config.allowUnfree = true;
|
config.allowUnfree = true;
|
||||||
config.permittedInsecurePackages = [
|
config.permittedInsecurePackages = [
|
||||||
|
@ -179,9 +183,10 @@
|
||||||
{ name
|
{ name
|
||||||
, host ? "${name}.private"
|
, host ? "${name}.private"
|
||||||
, modules
|
, modules
|
||||||
|
, nixpackages ? nixpkgs
|
||||||
}:
|
}:
|
||||||
nixosSystem {
|
nixosSystem {
|
||||||
inherit (meta) system specialArgs pkgs;
|
inherit (meta { nixpackages = nixpackages; }) system specialArgs pkgs;
|
||||||
modules = modules ++ defaultModules ++ [
|
modules = modules ++ defaultModules ++ [
|
||||||
{
|
{
|
||||||
_module.args.nixinate = {
|
_module.args.nixinate = {
|
||||||
|
@ -355,6 +360,21 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
orbi = nixosConfigurationSetup {
|
||||||
|
name = "orbi";
|
||||||
|
host = "95.216.66.212";
|
||||||
|
modules = [
|
||||||
|
homeManagerModules
|
||||||
|
srvos.nixosModules.hardware-hetzner-online-intel
|
||||||
|
srvos.nixosModules.server
|
||||||
|
srvos.nixosModules.mixins-terminfo
|
||||||
|
{ home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; }
|
||||||
|
{
|
||||||
|
home-manager.users.mainUser = import ./nixos/homes/palo;
|
||||||
|
home-manager.users.root = import ./nixos/homes/root;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
robi = nixosConfigurationSetup {
|
robi = nixosConfigurationSetup {
|
||||||
name = "robi";
|
name = "robi";
|
||||||
modules = [
|
modules = [
|
||||||
|
@ -370,8 +390,3 @@
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
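Review bot: The new `nixpackages ? nixpkgs` argument is never supplied in the visible hunks: the `orbi` entry passes only `name`, `host` and `modules`, so the `srvos_nixpkgs` input added to the inputs and the outputs argument list appears unused and orbi still evaluates against the default `nixpkgs`. If the intent is to build orbi against the revision srvos pins, add `nixpackages = srvos_nixpkgs;` to the `orbi` block; otherwise drop the input so the lock file does not carry an extra nixpkgs revision nobody builds from. `meta` is now a function, so any `meta.system` or `meta.pkgs` use outside these hunks (not visible here) would need the same call form. The inherit can be shortened to `inherit (meta { inherit nixpackages; }) system specialArgs pkgs;`, and a one-line comment above `meta` saying why the package set is selectable per host would help the next reader.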
|
@ -59,7 +59,7 @@ in
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
|
|
||||||
mutableUsers = true;
|
mutableUsers = lib.mkDefault true;
|
||||||
|
|
||||||
defaultUserShell = pkgs.zsh;
|
defaultUserShell = pkgs.zsh;
|
||||||
|
|
||||||
|
|
|
@ -1,110 +1,87 @@
|
||||||
{ lib, config, pkgs, ... }: {
|
{ lib, config, pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
|
|
||||||
../../system/all/nginx.nix
|
#../../system/all/nginx.nix
|
||||||
../../system/all/borg-jobs.nix
|
../../system/all/borg-jobs.nix
|
||||||
../../system/all/defaults.nix
|
../../system/all/defaults.nix
|
||||||
../../system/server/packages.nix
|
../../system/server/packages.nix
|
||||||
|
|
||||||
../../components
|
../../components
|
||||||
|
|
||||||
../../modules
|
../../modules
|
||||||
|
|
||||||
|
./disko-config.nix
|
||||||
./hetzner.nix
|
./hetzner.nix
|
||||||
|
|
||||||
# services
|
# services
|
||||||
./borg.nix
|
#./borg.nix
|
||||||
./codimd.nix
|
#./codimd.nix
|
||||||
./gitea.nix
|
#./gitea.nix
|
||||||
./nextcloud.nix
|
#./nextcloud.nix
|
||||||
./packages.nix
|
#./packages.nix
|
||||||
./taskserver.nix
|
#./taskserver.nix
|
||||||
./vaultwarden.nix
|
#./vaultwarden.nix
|
||||||
./nginx.nix
|
#./nginx.nix
|
||||||
./nginx-wkd.nix
|
#./nginx-wkd.nix
|
||||||
|
|
||||||
./network-tinc.nix
|
#./network-tinc.nix
|
||||||
./network-wireguard.nix
|
#./network-wireguard.nix
|
||||||
|
|
||||||
./media-share.nix
|
#./media-share.nix
|
||||||
./media-jellyfin.nix
|
#./media-jellyfin.nix
|
||||||
./media-syncthing.nix
|
#./media-syncthing.nix
|
||||||
./media-transmission.nix
|
#./media-transmission.nix
|
||||||
./media-transmission2.nix
|
#./media-transmission2.nix
|
||||||
./media-arr.nix
|
#./media-arr.nix
|
||||||
#./media-tdarr.nix
|
|
||||||
#./media-unmanic.nix
|
|
||||||
|
|
||||||
./sync-opentracker.nix
|
#./sync-opentracker.nix
|
||||||
./sync-torrent.nix
|
#./sync-torrent.nix
|
||||||
|
|
||||||
#./social-jitsi.nix
|
#./social-jitsi.nix
|
||||||
|
|
||||||
# matrix
|
# matrix
|
||||||
./terranix-dendrite.nix
|
# ------
|
||||||
|
#./terranix-dendrite.nix
|
||||||
|
|
||||||
# logging
|
# logging
|
||||||
./loki.nix
|
#./loki.nix
|
||||||
./loki-promtail.nix
|
#./loki-promtail.nix
|
||||||
./prometheus.nix
|
##./prometheus.nix
|
||||||
./grafana.nix
|
#./grafana.nix
|
||||||
./telegraf.nix
|
./telegraf.nix
|
||||||
|
|
||||||
./cache.nix
|
#./cache.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
components.terminal.enable = true;
|
components.terminal.enable = true;
|
||||||
components.mainUser.enable = true;
|
components.mainUser.enable = true;
|
||||||
components.gui.enable = false;
|
components.gui.enable = false;
|
||||||
|
|
||||||
components.network.enable = true;
|
components.network.enable = true;
|
||||||
components.network.wifi.enable = false;
|
components.network.wifi.enable = false;
|
||||||
|
|
||||||
# 2 hours = 2 * 60 * 60 = 7200 seconds
|
|
||||||
#services.netdata.config.global.history = 7200;
|
|
||||||
# 4 hours = 4 * 60 * 60 = 14440 seconds
|
|
||||||
services.netdata.config.global.history = 14440;
|
|
||||||
# 24 hours = 24 * 60 * 60 = 86400 seconds
|
|
||||||
#services.netdata.config.global.history = 86400;
|
|
||||||
|
|
||||||
services.sshguard.enable = true;
|
|
||||||
|
|
||||||
# Shell configuration
|
|
||||||
# -------------------
|
|
||||||
#programs.custom. zsh.enable = true;
|
|
||||||
users.users.root.shell = pkgs.zsh;
|
users.users.root.shell = pkgs.zsh;
|
||||||
|
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
security.acme.defaults.email = "contact@ingolf-wagner.de";
|
security.acme.defaults.email = "contact@ingolf-wagner.de";
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/robi.yaml;
|
sops.defaultSopsFile = ../../secrets/robi.yaml;
|
||||||
# virtualisation.docker.enable = false;
|
|
||||||
services.printing.enable = false;
|
|
||||||
services.smartd.enable = true;
|
services.smartd.enable = true;
|
||||||
|
|
||||||
# chungus rsync
|
# Use GRUB2 as the boot loader.
|
||||||
users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD" ];
|
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
|
||||||
fileSystems."/var/lib/nextcloud" =
|
boot.loader.systemd-boot.enable = false;
|
||||||
{
|
boot.loader.grub = {
|
||||||
device = "/dev/vg/nextcloud";
|
enable = true;
|
||||||
fsType = "ext4";
|
efiSupport = false;
|
||||||
};
|
};
|
||||||
|
boot.loader.grub.mirroredBoots = [
|
||||||
fileSystems."/var/lib/borgbackup" =
|
{ path = "/boot-1"; devices = [ "/dev/sda" ]; }
|
||||||
{
|
{ path = "/boot-2"; devices = [ "/dev/sdb" ]; }
|
||||||
device = "/dev/vg/borg";
|
];
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/media" =
|
|
||||||
{
|
|
||||||
device = "/dev/vg/media";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
# usually part of the wifi.nix module
|
|
||||||
# because Networkd-wait-online is just failing.
|
|
||||||
#systemd.services.systemd-networkd-wait-online.enable = false;
|
|
||||||
systemd.services.NetworkManager-wait-online.enable = false;
|
|
||||||
|
|
||||||
|
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
|
||||||
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
|
# head -c4 /dev/urandom | od -A none -t x4
|
||||||
|
networking.hostId = "5bb982a6";
|
||||||
}
|
}
|
||||||
|
|
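Review bot: `sops.defaultSopsFile = ../../secrets/robi.yaml;` is carried over unchanged while the rest of this section is being reshaped for the new machine (the file header is not visible; this is inferred from the added `./disko-config.nix` import and the `hostName = "orbi"` change elsewhere in the commit). If this is orbi's configuration, the new host has to be a recipient of robi's secrets file, so compromising either machine exposes every secret of both. Give the host its own sops file encrypted only to its own key, for example `sops.defaultSopsFile = ../../secrets/<orbi-secrets-file>.yaml;` (placeholder path). The same section also drops the root `authorizedKeys` entry and comments out most service imports without a note; a short comment such as `# services disabled during initial bring-up, re-enable after migration` would make clear that this is temporary.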
|
@ -39,14 +39,15 @@ in
|
||||||
{
|
{
|
||||||
name = "zfs";
|
name = "zfs";
|
||||||
start = "500MiB";
|
start = "500MiB";
|
||||||
size = "500GB";
|
end = "500GiB";
|
||||||
content = {
|
content = {
|
||||||
type = "luks";
|
type = "luks";
|
||||||
name = "root_${disk}";
|
name = "root_${disk}";
|
||||||
settings = {
|
settings = {
|
||||||
# if you want to use the key for interactive login be sure there is no trailing newline
|
# if you want to use the key for interactive login be sure there is no trailing newline
|
||||||
# for example use `echo -n "password" > /tmp/secret.key`
|
# for example use `echo -n "password" > /run/secret.key`
|
||||||
keyFile = "/tmp/secret.key";
|
# or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
|
||||||
|
keyFile = "/run/secret.key";
|
||||||
allowDiscards = true;
|
allowDiscards = true;
|
||||||
};
|
};
|
||||||
content = {
|
content = {
|
||||||
|
@ -57,13 +58,14 @@ in
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "zfs";
|
name = "zfs";
|
||||||
size = "100%";
|
start = "500GiB";
|
||||||
|
end = "100%";
|
||||||
content = {
|
content = {
|
||||||
type = "luks";
|
type = "luks";
|
||||||
settings = {
|
settings = {
|
||||||
# if you want to use the key for interactive login be sure there is no trailing newline
|
# if you want to use the key for interactive login be sure there is no trailing newline
|
||||||
# for example use `echo -n "password" > /tmp/secret.key`
|
# for example use `echo -n "password" > /run/secret.key`
|
||||||
keyFile = "/tmp/secret.key";
|
keyFile = "/run/secret.key";
|
||||||
allowDiscards = true;
|
allowDiscards = true;
|
||||||
};
|
};
|
||||||
name = "media_${disk}";
|
name = "media_${disk}";
|
||||||
|
@ -75,8 +77,7 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
} );
|
||||||
);
|
|
||||||
|
|
||||||
|
|
||||||
zpool = {
|
zpool = {
|
||||||
|
@ -123,22 +124,22 @@ in
|
||||||
options = {
|
options = {
|
||||||
mountpoint = "legacy";
|
mountpoint = "legacy";
|
||||||
compression = "lz4";
|
compression = "lz4";
|
||||||
"com.sun:auto-snapshot:daily" = false;
|
#"com.sun:auto-snapshot:daily" = false;
|
||||||
"com.sun:auto-snapshot:weekly" = false;
|
#"com.sun:auto-snapshot:weekly" = false;
|
||||||
"com.sun:auto-snapshot:monthly" = false;
|
#"com.sun:auto-snapshot:monthly" = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# todo make sure this disk has some minimum space
|
# todo make sure this disk has some minimum space
|
||||||
"nextcloud" = {
|
"nextcloud" = {
|
||||||
type = "zfs_fs";
|
type = "zfs_fs";
|
||||||
mountpoint = "/var/lib/nextcloud/";
|
mountpoint = "/var/lib/nextcloud";
|
||||||
options = {
|
options = {
|
||||||
mountpoint = "legacy";
|
mountpoint = "legacy";
|
||||||
compression = "lz4";
|
compression = "lz4";
|
||||||
"com.sun:auto-snapshot:hourly" = true;
|
"com.sun:auto-snapshot:hourly" = toString true;
|
||||||
"com.sun:auto-snapshot:daily" = true;
|
"com.sun:auto-snapshot:daily" = toString true;
|
||||||
"com.sun:auto-snapshot:weekly" = false;
|
#"com.sun:auto-snapshot:weekly" = false;
|
||||||
"com.sun:auto-snapshot:monthly" = false;
|
#"com.sun:auto-snapshot:monthly" = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
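Review bot: The example in the new comment, `echo -n "password" > /run/secret.key`, puts the LUKS passphrase into shell history and creates the key file with the default umask; the same comment appears in both `luks` partitions. I would reword it to something like `# create the key file with umask 077 and without a trailing newline (e.g. via nixos-anywhere --disk-encryption-keys); remove it after installation`. It is also worth stating next to `keyFile = "/run/secret.key";` whether this path is only meant for install time, because as far as I know disko passes `settings` through to the initrd LUKS device options, so the booted system may look for the same path when unlocking; please confirm. `allowDiscards = true;` is unchanged, but a comment noting that TRIM pass-through reveals which blocks of the encrypted volume are in use would document the trade-off.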
|
@ -4,35 +4,11 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
[
|
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
|
boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
|
||||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/d6a794d2-1da4-4457-9a9a-a39bf9521ae4";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot-1" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/519D-F289";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot-2" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/519E-6EF1";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
hostName = "robi";
|
hostName = "orbi";
|
||||||
|
|
||||||
# apt install -y lshw
|
# apt install -y lshw
|
||||||
# lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
|
# lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
|
||||||
|
@ -13,13 +13,13 @@ let
|
||||||
|
|
||||||
# From the Hetzner control panel
|
# From the Hetzner control panel
|
||||||
ipv4 = {
|
ipv4 = {
|
||||||
address = "144.76.13.147"; # the ip address
|
address = "95.216.66.212"; # the ip address
|
||||||
gateway = "144.76.13.129"; # the gateway ip address
|
gateway = "95.216.66.193"; # the gateway ip address
|
||||||
netmask = "255.255.255.224"; # the netmask -- might not be the same for you!
|
netmask = "255.255.255.192"; # the netmask -- might not be the same for you!
|
||||||
prefixLength = 27; # must match the netmask, see <https://www.pawprint.net/designresources/netmask-converter.php>
|
prefixLength = 26; # must match the netmask, see <https://www.pawprint.net/designresources/netmask-converter.php>
|
||||||
};
|
};
|
||||||
ipv6 = {
|
ipv6 = {
|
||||||
address = "2a01:4f8:190:9147::1"; # the ipv6 addres
|
address = "2a01:4f9:2b:326::2"; # the ipv6 addres
|
||||||
gateway = "fe80::1"; # the ipv6 gateway
|
gateway = "fe80::1"; # the ipv6 gateway
|
||||||
prefixLength = 64; # shown in the control panel
|
prefixLength = 64; # shown in the control panel
|
||||||
};
|
};
|
||||||
|
@ -30,59 +30,32 @@ in
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
# ./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# needed lvm for raid
|
# needed lvm for raid
|
||||||
boot.initrd.kernelModules = [
|
#boot.initrd.kernelModules = [ ];
|
||||||
"dm-snapshot"
|
|
||||||
"dm_mirror"
|
|
||||||
"dm_raid"
|
|
||||||
"dm_region_hash"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Use GRUB2 as the boot loader.
|
# Use GRUB2 as the boot loader.
|
||||||
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
|
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
|
||||||
boot.loader.systemd-boot.enable = false;
|
#boot.loader.systemd-boot.enable = false;
|
||||||
boot.loader.grub = {
|
#boot.loader.grub = {
|
||||||
enable = true;
|
# enable = true;
|
||||||
efiSupport = false;
|
# efiSupport = false;
|
||||||
};
|
#};
|
||||||
|
|
||||||
# This will mirror all UEFI files, kernels, grub menus and
|
|
||||||
# things needed to boot to the other drive.
|
|
||||||
boot.loader.grub.mirroredBoots = [
|
|
||||||
{ path = "/boot-1"; devices = [ "/dev/sda" ]; }
|
|
||||||
{ path = "/boot-2"; devices = [ "/dev/sdb" ]; }
|
|
||||||
];
|
|
||||||
|
|
||||||
# We want to still be able to boot without one of these
|
|
||||||
fileSystems."/boot-1".options = [ "nofail" ];
|
|
||||||
fileSystems."/boot-2".options = [ "nofail" ];
|
|
||||||
|
|
||||||
boot.initrd.luks.reusePassphrases = true;
|
|
||||||
boot.initrd.luks.devices = {
|
|
||||||
a_encrypted = {
|
|
||||||
device = "/dev/sda3";
|
|
||||||
preLVM = true;
|
|
||||||
};
|
|
||||||
b_encrypted = {
|
|
||||||
device = "/dev/sdb3";
|
|
||||||
preLVM = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.hostName = hostName;
|
networking.hostName = hostName;
|
||||||
|
|
||||||
# Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
|
# Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
|
||||||
networking.useDHCP = false;
|
#networking.useDHCP = false;
|
||||||
networking.interfaces.${networkInterface} = {
|
#networking.interfaces.${networkInterface} = {
|
||||||
ipv4 = { addresses = [{ address = ipv4.address; prefixLength = ipv4.prefixLength; }]; };
|
# ipv4 = { addresses = [{ address = ipv4.address; prefixLength = ipv4.prefixLength; }]; };
|
||||||
ipv6 = { addresses = [{ address = ipv6.address; prefixLength = ipv6.prefixLength; }]; };
|
# ipv6 = { addresses = [{ address = ipv6.address; prefixLength = ipv6.prefixLength; }]; };
|
||||||
};
|
#};
|
||||||
networking.defaultGateway = ipv4.gateway;
|
#networking.defaultGateway = ipv4.gateway;
|
||||||
networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
|
#networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
|
||||||
networking.nameservers = [ "8.8.8.8" ];
|
#networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
|
||||||
|
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
|
||||||
|
|
||||||
# Initial empty root password for easy login:
|
# Initial empty root password for easy login:
|
||||||
users.users.root.initialHashedPassword = "";
|
users.users.root.initialHashedPassword = "";
|
||||||
|
@ -96,18 +69,21 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
services.sshguard.enable = true;
|
||||||
|
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "23.11";
|
||||||
|
|
||||||
# enable ssh on init
|
# enable ssh on init
|
||||||
# ------------------
|
# ------------------
|
||||||
|
|
||||||
boot.kernelParams = [
|
#boot.kernelParams = [
|
||||||
# See <https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt> for docs on this
|
# # See <https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt> for docs on this
|
||||||
# ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
|
# # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
|
||||||
# The server ip refers to the NFS server -- we don't need it.
|
# # The server ip refers to the NFS server -- we don't need it.
|
||||||
"ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
|
# "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
|
||||||
];
|
#];
|
||||||
|
|
||||||
|
boot.kernelParams = [ "ip=dhcp" ];
|
||||||
boot.initrd.availableKernelModules = [ networkInterfaceModule ];
|
boot.initrd.availableKernelModules = [ networkInterfaceModule ];
|
||||||
boot.initrd.network.enable = true;
|
boot.initrd.network.enable = true;
|
||||||
boot.initrd.network.ssh = {
|
boot.initrd.network.ssh = {
|
||||||
|
|
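Review bot: `users.users.root.initialHashedPassword = "";` is unchanged context, but this commit points the file at a new host with a public address (`95.216.66.212`) and `services.openssh.enable = true;`, so the new machine first boots with an empty root password. Even if sshd rejects empty passwords (not visible here), console and KVM login as root stays open until someone sets a password. I would drop the line and rely on the SSH key, or lock the account explicitly with `users.users.root.hashedPassword = "!";`. Separately, the static network block and the GRUB block are commented out rather than deleted while `boot.kernelParams = [ "ip=dhcp" ];` replaces the static initrd address; a comment such as `# initrd SSH unlock now depends on DHCP from the provider; static config kept for reference` would record the dependency.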
|
@ -12,7 +12,7 @@
|
||||||
|
|
||||||
# some system stuff
|
# some system stuff
|
||||||
# -----------------
|
# -----------------
|
||||||
time.timeZone = lib.mkDefault "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
#time.timeZone = lib.mkDefault "Pacific/Auckland";
|
#time.timeZone = lib.mkDefault "Pacific/Auckland";
|
||||||
#time.timeZone = lib.mkDefault "Asia/Singapore";
|
#time.timeZone = lib.mkDefault "Asia/Singapore";
|
||||||
#time.timeZone = lib.mkDefault "Asia/Makassar";
|
#time.timeZone = lib.mkDefault "Asia/Makassar";
|
||||||
|
|